SAINT Corporation | SAINT:01F6AB181B9716E570CF44A9F1F8F548
Apr 03, 2007 - 12:00 a.m.

MERCUR imapd NTLMSSP

download.saintcorporation.com

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.608 Medium
Percentile: 97.8%

Added: 04/03/2007
CVE: CVE-2007-1578
BID: 23058
OSVDB: 33545

Background

[MERCUR Messaging Server](<http://www.atrium-software.com/index.php?content=mercur>) is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms.

Problem

A buffer overflow vulnerability in MERCUR Messaging Server allows remote attackers to execute arbitrary commands by sending a specially crafted NTLM Type 3 message to the imapd service.

Resolution

Upgrade to MERCUR Messaging Server 5.0 SP5 or higher when available.

References

<http://secunia.com/advisories/24596>

Limitations

Exploit works on MERCUR Messaging Server 5.0 SP3 and SP4 on Windows 2000.

Platforms

Windows
